vi /etc/bind/zones/kartbuilding.net.zone
//Begin file --------------------------------
$TTL 3h
@ IN SOA ns.kartbuilding.net. root.kartbuilding.net. (
2006120702 ; counter/ Serial ; in the format YYYYMMDDCC where CC - counter 1 to 99
20m ; refresh
15m ; Retry Interval
1w ; Expire
1h ) ; Negative Cache TTL
IN NS ns.kartbuilding.net. ; must the name of the name server used to register kartbuilding.net
; IN NS ns1.secondary nameserver. ; A semi-colon is used to comment out lines in bind configs.
IN MX 10 mail.burkesys.com.
ns IN A 136.201.1.250
mail IN A 88.198.194.194
wiki IN A 88.198.194.194
monitor IN A 136.201.1.250
www IN A 88.198.194.194
@ IN A 136.201.1.250 ; the @ is for the no www name. E.g. http://kartbuilding.net (without www's)
www.portal IN A 136.201.1.250
//End file ------------------------------------

Create Reverse DNS lookup file:
This is just for reverse DNS lookups. Reverse DNS entries also have to be made with your ISP - as reverse DNS entries come from them.

The /etc/bind/slaves directory must be created, and also bind must be given permission to write to this slaves directory. This is because bind runs as user bind - and can only edit files it owns, or if the directory is chmod'd 775.

mkdir /etc/bind/slaves
chown bind:bind /etc/bind/slaves
//I chose to change ownership of this file rather than chmod it 775.

Thats it! Secondary DNS setup. Restart/reload bind on both servers.
Check /var/log/daemon.log for updates'
Check also after the slave updates from the master. The slave will place dns files in /etc/bind/slaves/

Solutions: Disable ipv6 on Debian Sarge, or Disable ipv6 bind lookup, or use a different dns server for lookups.
It is difficult to cleanly disable ipv6 on Sarge, requiring reboot and trial and error.
In order to Disable ipv6 lookup on bind9 with Debian Sarge - a recompile is required. If you are using debian packages (like me) this is not ideal.
The default bind9 that ships with Debian Etch (9.3.2-P1.0-1) can easily be configured to use ipv4 by:

vi /etc/default/bind9
OPTIONS="-4 -u bind"
//-4 = to use ipv4 only.

As I was using Debian Sarge, and wanted a quick solution to my DNS lookup times, I decided to use my ISP dns server *only* for lookups. This entry is in /etc/resolv.conf and I put the following syntax:

search domainname.com
nameserver 43.111.98.12
nameserver 43.111.21.45

Bind will still serve out all domain names when requested. The above simply uses the ISP's dns server for lookups on the server.

Solving Problems, Failings and Warnings from DNS report by www.dnsstuff.com

Open DNS servers fail warnings

Typically bind will allow any other server/ip to query it and use it as a DNS server for its queries. Therefore - a foreign server could be doing a dns lookup for hundreds of domains etc. and may overload your dns server! Here is how to solve this:

vi /etc/bind/named.conf.options
//put the following as the very first line (note the ip of secondary dns server):
acl recurseallow { 136.201.1.250; 127.0.0.1; 88.211.211.211; };
// at the bottom of the same file put:
//recursion no;
allow-recursion { recurseallow; };

Debian squeeze by default will only allow localhost and localnets to perform dns lookups. To allow a particular IP or IP range to carry out dns lookups with your dns server, you need to add the following:

vi /etc/bind/named.conf.options
options {
directory "/var/cache/bind";
// If there is a firewall between you and nameservers you want
// to talk to, you may need to fix the firewall to allow multiple
//..........
auth-nxdomain no; # conform to RFC1035
listen-on-v6 { any; };
allow-recursion { ip.address.range/26; 172.20.20.0/24; ip.address; };
};

#On fedora, its a little different due to how the named options are stored. Here is the config:
vi /etc/named.conf
options {
pid-file "/var/named/chroot/var/run/named/named.pid";
directory "/var/named/chroot/var/named";
auth-nxdomain no;
//The following it to have a closed DNS Server.
allow-recursion { localhost; };
};
//
// a caching only nameserver config
//
zone "." {.................